What's Changed

• Bump django from 4.2.21 to 4.2.22 by @dependabot[bot] in #1901
• Add back navigation link to vulnerability details page by @rajanarahul93 in #1875
• Add pipeline to compute Advisory ToDos by @keshav-space in #1764
• Add advisory v2 by @TG1999 in #1866
• Throttle API requests based on user permissions by @keshav-space in #1909
• Allow all package types in Github V2 importer by @TG1999 in #1925
• Pipeline Dashboard improvements by @keshav-space in #1920
• Add advisory codefix V2 URL by @TG1999 in #1926
• Prepare for release v37.0.0 by @TG1999 in #1927
• Replace reference with V2 by @TG1999 in #1928
• Fix gitlab and elixir security importer by @TG1999 in #1934
• Fix incorrect pluralization of model names by @keshav-space in #1930
• Preserve field values on unsuccessful form submission by @keshav-space in #1937
• Add Altcha hmac key to settings by @keshav-space in #1938
• Support optional inputs for pipeline steps by @keshav-space in #1951
• Migrate Xen, Curl, Istio and OSS-Fuzz importer by @TG1999 in #1946
• Add avid for gitlab by @TG1999 in #1952
• Add ImpactedPackage model to track affected and fixed packages by @keshav-space in #1970
• Migrate advisory todo to v2 by @TG1999 in #1966
• Add ArchLinux AdvisoryV2 importer pipeline by @keshav-space in #1942
• Add v2 pipeline for importing Red Hat advisories by @keshav-space in #1971
• Bump django from 4.2.22 to 4.2.24 by @dependabot[bot] in #1996
• Add pipeline to unfurl affected VERS range in V2 impacts by @keshav-space in #1995
• Disable Redis AOF persistence by @keshav-space in #1997
• Bump django from 4.2.24 to 4.2.25 by @dependabot[bot] in #1998
• Add affected and fixed_by commit to the ImpactedPackage model by @ziadhany in #2007
• Add CVSSv4 scoring support to OSV parser by @ziadhany in #1974
• Create new aboutcode.federated library #747 by @pombredanne in #2006
• Add workflow to publish aboutcode.federated by @keshav-space in #2045
• Collect SSVC trees by @TG1999 in #2050
• Add support for introduced and fixed commits in AdvisoryData by @ziadhany in #2017
• Restore severity details tab by @TG1999 in #2059
• Fix incorrect default starting year in NVD importer by @Adityakk9031 in #2085
• Migrate EPSS importer for advisory V2 by @ziadhany in #2067
• Migrate Ruby importer to advisory V2 by @ziadhany in #2086
• Handle multiple advisories with same AVID by @TG1999 in #2092
• Make sure we have extra space to store long CVSSv4 values correctly. by @ziadhany in #2094
• Migrate mattermost importer to V2 by @TG1999 in #2095
• Migrate Fireeye importer to advisory V2 by @ziadhany in #2087
• Migrate the NVD importer to use the 2.0 API schema by @ziadhany in #2012
• Check advisory ID is not in aliases by @TG1999 in #2107
• Migrate Importer to Advisory v2 & Collect Existing Fix Commits for Project KB by @ziadhany in #1987
• Support running pipeline only once by @keshav-space in #2112
• Include PackageCommitPatch and Patch in AdvisoryV2 serialization by @keshav-space in #2117
• Migrate Nginx importer to advisory V2 by @ziadhany in #2109
• Add v2 pipeline collect OpenSSL advisory by @keshav-space in #2119
• Add V2 pipeline to collect Kafka advisory by @keshav-space in #2125
• Fix OSV to handle affected_packages correctly & add support to collect commits by @ziadhany in #2080
• Migrate Apache Tomcat V2 importer by @TG1999 in #2128
• Show unstable features warning on staging instance by @keshav-space in #2133
• Fix incorrect OSV-to-PURL mapping for Cargo by @ziadhany in #2131
• Migrate debian importer to v2 by @TG1999 in #2137
• Use full available screen width in run details view by @keshav-space in #2142
• Update README.rst to simplify structure by @DennisClark in #2149
• Add v2 pipeline to collect Ubuntu OSV advisories by @keshav-space in #2145
• Introduce AdvisoryDataV2 class by @TG1999 in #2155
• Add throttling to V3 API by @TG1999 in #2156
• Migrate RetireDotnet to Advisory V2 by @ziadhany in #2141
• Update technologies in VCIO by @TG1999 in #2157
• Migrate Alpine importer to advisory V2 by @ziadhany in #2111
• Add support for parsing Git commit messages by @ziadhany in #1992
• Avoid producing identical hashes for different advisory IDs. by @ziadhany in #2164
• Migrate Suse Scores importer to advisory V2 by @ziadhany in #2101
• Group related advisories on basis of content by @TG1999 in #2169
• Fix package details page by @TG1999 in #2171
• CI Fix: Ignore nixos.wiki in linkcheck by @Samk1710 in #2161
• Relate severity scores with advisories by @TG1999 in #2174
• Fix views bug by @TG1999 in #2175
• Add pipeline to federate package vulnerabilities by @keshav-space in #2159
• Migrate Gentoo importer to advisory V2 by @ziadhany in #2090
• Resolve SyntaxWarning in Fireeye Importer by @ziadhany in #2181
• Use related advisory severity to calculate exploitibility, weighted severity and risk scores by @TG1999 in #2182
• Export incremental updates on subsequent runs of FederatedCode pipeline by @keshav-space in #2183
• Compute content_id from all fields of AdvisoryV2 by @keshav-space in #2191
• Do not update related field of an immutable AdvisoryV2 by @keshav-space in #2192
• Fix null constraint violations in multiple v1 exploit pipelines by @ziadhany in #2189
• Review all v2 pipelines by @TG1999 in #2196

New Contributors

• @rajanarahul93 made their first contribution in #1875
• @Adityakk9031 made their first contribution in #2085
• @DennisClark made their first contribution in #2149
• @Samk1710 made their first contribution in #2161

Full Changelog: v36.1.3...v37.0.0